---
page_title: "cloudflare_access_identity_provider Resource - Cloudflare"
subcategory: ""
description: |-
  Provides a Cloudflare Access Identity Provider resource. Identity
  Providers are used as an authentication or authorisation source
  within Access.
---

# cloudflare_access_identity_provider (Resource)

Provides a Cloudflare Access Identity Provider resource. Identity
Providers are used as an authentication or authorisation source
within Access.

~> Either `account_id` or `zone_id` must be provided, and in most cases
   either one works. However, if you're using a scoped access token, you
   must provide the argument that matches the token's scope. For example,
   an access token that is scoped to the "example.com" zone needs to use
   the `zone_id` argument.

## Example Usage

```terraform
# one time pin
resource "cloudflare_access_identity_provider" "pin_login" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "PIN login"
  type       = "onetimepin"
}

# oauth
resource "cloudflare_access_identity_provider" "github_oauth" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "GitHub OAuth"
  type       = "github"
  config {
    client_id     = "example"
    client_secret = "secret_key"
  }
}

# saml
resource "cloudflare_access_identity_provider" "jumpcloud_saml" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "JumpCloud SAML"
  type       = "saml"
  config {
    issuer_url      = "jumpcloud"
    sso_target_url  = "https://sso.myexample.jumpcloud.com/saml2/cloudflareaccess"
    attributes      = ["email", "username"]
    sign_request    = false
    idp_public_cert = "MIIDpDCCAoygAwIBAgIGAV2ka+55MA0GCSqGSIb3DQEBCwUAMIGSMQswCQ...GF/Q2/MHadws97cZg\nuTnQyuOqPuHbnN83d/2l1NSYKCbHt24o"
  }
}

# okta
resource "cloudflare_access_identity_provider" "okta" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  name       = "Okta"
  type       = "okta"
  config {
    client_id     = "example"
    client_secret = "secret_key"
    api_token     = "okta_api_token"
    okta_account  = "https://example.com"
  }
}
```
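
The examples above inline `client_secret` and `api_token` as string literals, and the schema below lists both as plain `String` (only `scim_config.secret` is marked Sensitive). The following added example, which is not part of the provider's generated documentation, configures a generic `oidc` provider with PKCE enabled and passes the client secret through a variable marked `sensitive`. The variable names and the `idp.example.com` endpoints are assumptions.

```terraform
# Added example, not from the provider's own documentation.
# Variable names and the idp.example.com endpoints are placeholders.

variable "cloudflare_account_id" {
  type = string
}

variable "oidc_client_id" {
  type = string
}

# sensitive = true makes Terraform redact this value, and anything
# derived from it, in plan and apply output. The value is still
# written to the state file, so the state backend needs its own
# encryption and access control.
variable "oidc_client_secret" {
  type      = string
  sensitive = true
}

resource "cloudflare_access_identity_provider" "generic_oidc" {
  account_id = var.cloudflare_account_id
  name       = "Generic OIDC"
  type       = "oidc"

  config {
    client_id     = var.oidc_client_id
    client_secret = var.oidc_client_secret # never a literal in source control

    auth_url  = "https://idp.example.com/oauth2/authorize" # placeholder
    token_url = "https://idp.example.com/oauth2/token"     # placeholder
    certs_url = "https://idp.example.com/oauth2/keys"      # placeholder

    scopes       = ["openid", "email", "profile"]
    pkce_enabled = true
  }
}
```

Supply the secret at run time, for example through the `TF_VAR_oidc_client_secret` environment variable, rather than through a committed `.tfvars` file.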
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `name` (String) Friendly name of the Access Identity Provider configuration.
- `type` (String) The provider type to use. Available values: `azureAD`, `centrify`, `facebook`, `github`, `google`, `google-apps`, `linkedin`, `oidc`, `okta`, `onelogin`, `onetimepin`, `pingone`, `saml`, `yandex`.

### Optional

- `account_id` (String) The account identifier to target for the resource. Conflicts with `zone_id`. **Modifying this attribute will force creation of a new resource.**
- `config` (Block List) Provider configuration from the [developer documentation](https://developers.cloudflare.com/access/configuring-identity-providers/). (see [below for nested schema](#nestedblock--config))
- `scim_config` (Block List) Configuration for SCIM settings for a given IDP. (see [below for nested schema](#nestedblock--scim_config))
- `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`. **Modifying this attribute will force creation of a new resource.**

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--config"></a>
### Nested Schema for `config`

Optional:

- `api_token` (String)
- `apps_domain` (String)
- `attributes` (List of String)
- `auth_url` (String)
- `authorization_server_id` (String)
- `centrify_account` (String)
- `centrify_app_id` (String)
- `certs_url` (String)
- `claims` (List of String)
- `client_id` (String)
- `client_secret` (String)
- `conditional_access_enabled` (Boolean)
- `directory_id` (String)
- `email_attribute_name` (String)
- `email_claim_name` (String)
- `idp_public_cert` (String)
- `issuer_url` (String)
- `okta_account` (String)
- `onelogin_account` (String)
- `ping_env_id` (String)
- `pkce_enabled` (Boolean)
- `scopes` (List of String)
- `sign_request` (Boolean)
- `sso_target_url` (String)
- `support_groups` (Boolean)
- `token_url` (String)

Read-Only:

- `redirect_url` (String)


<a id="nestedblock--scim_config"></a>
### Nested Schema for `scim_config`

Optional:

- `enabled` (Boolean)
- `group_member_deprovision` (Boolean)
- `seat_deprovision` (Boolean)
- `secret` (String, Sensitive)
- `user_deprovision` (Boolean)

## Import

Import is supported using the following syntax:

```shell
$ terraform import cloudflare_access_identity_provider.example <account_id>/<identity_provider_id>
```
